Recipe 8.10. Managing Passwords
8.10.1 Problem
You need to reset a password, or
put an expiration date on it, or you want to set a limit on failed
login attempts. Resetting a password is the solution to the perennial
"I forgot my password" problem;
many Linux administrators think it's a good idea to
"expire" passwords, forcing users
to change them periodically.
8.10.2 Solution
Use passwd to set and configure passwords.
To reset or change a password use:
# passwd aborg
Users can also change their own passwords:
aborg@server04:~$ passwd
This command sets aborg's password to expire after
six months, with five days' warning:
# passwd -x 180 -w 5 -i 1 aborg
To view a user's password settings, use:
# passwd -S option
aborg P 02/18/2004 0 10 5 1
8.10.3 Discussion
Passwords can consist of numbers, letters, and punctuation marks, and
they are case-sensitive. Don't use spaces or
function keys. Strong passwords work best—this means no names,
no dictionary words, no birthdays or addresses. The best way to keep
track of passwords is write them down and keep them in a safe place.
Most people, if they can't remember all of their
passwords, end up choosing weak, easily guessable passwords, or
leaving them in obvious, insecure places (such as on a note stuck to
the monitor).
Linux passwords are not designed to be recoverable. If a password is
lost, the user must depend on the benevolence of the superuser to
create a new one.
8.10.4 See Also
| 
